Semestry Ltd

TermTime

TermTime is a cloud service for the generation and management of teaching timetables for universities and colleges. Services include auto-scheduling, staff and student portals, room booking, real time change notification and a reporting dashboard.

Features

• Auto-scheduling of university and college teaching and exam timetables
• Curriculum and staff reference data collection
• Real time change notification
• Self service room bookings
• Real time reporting and dashboards
• Staff and Student portals
• Calendar integration with Outlook365, etc.
• Comprehensive rooms, exams, student and staff capabilities
• Comprehensive rooms, exams,student and staff constraints
• Integration using API and files transfer

Benefits

• Maximise student and staff satisfaction with teaching and exam timetables
• Lower total cost of ownership
• Quick service deployment
• Available at all times, from any device
• All functionality available through standard browser interface
• Speed up integration of business processes from other systems
• Deliver timetable in real time to students and staff
• Improve timetable be modelling different scenarios
• Improve efficiency through Cloud collaboration
• Lower overheads as no need for dedicated IT infrastructure

£13,500 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

635333700221849

Contact

Steve Harrison
+447855401994
steve.harrison@semestry.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Internet access
  • Browser interface

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response is available 08:00 to 18:00 Monday to Friday except public holidays:; Target Response Times; Critical < 15 minutes; High < 1 hour; Medium < 1 business day; Low < 1 business day; Very Low < 1 business day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: Customers have access to a project manager and a support consultant to manage their implementations and on-going project needs.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Implementation is managed by our project management and consultancy team. They provide on-site training, plus help with integration consultancy and data importing.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Semestry provides access to all customer data in standard formats - cvs files or data tables
• End-of-contract process: A 2 weeks end of contract project is available to extract all customer data in their preferred format.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: TermTime offers full functionality on mobile and desktop services
• Service interface: No
• API: Yes
• What users can and can't do using the API: API is accessed through secure https protocols using RESTful and JSON.; The API can be used to import and export all the data from the database. All data objects and their attributes can be imported.; The API includes standard reports.; All data can be exported and viewed in different forms.; The API supports creation, updates and deletion of all data objects. The API can be used to create new timetables as required. ; Creation, updating and deletion of all data objects is possible using the API.; There are no limitations on use of the API.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Semestry monitors all usage against our cloud infrastructure levels and increase these levels if demand increases.; There are no resource sharing across customers.

Analytics

• Service usage metrics: Yes
• Metrics types: All metrics are built into the TermTime system and are updated in real time
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data is exported via the following:; standard cvs files; API; Interfaces to reporting services eg. PowerBI and QlikSense and Crystal Reports
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • XML
  • Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% up time and availability
• Approach to resilience: Semestry provides 2 levels of cloud data backup as stipulated in our SLA; Backup servers available for reallocation; Details available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All users have access rights and only top level users can access the management interface. All access and access attempts are logged. Support staff have access to view data but not to add, edit or delete data (unless asked to by customers).; Support staff all have dedicated accounts and do not use customer logins. There are no shared accounts.; Top level access can only be granted by Semestry staff.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: 02/05/2018
• What the ISO/IEC 27001 doesn’t cover: Our certification covers development, operations and support of on-line scheduling systems, products and services.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Semestry runs vulnerability process checks, personnel checks and incident management reporting to ISO27001 standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All configuration and changes are tracked through the lifetime of the contract. This includes assessing the impact any change may have on the way existing customers can use the system and the overall impact on security.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Semestry has systems in place to monitor potential threats and utilises the services of our service provide for added security. Any security patches are implemented within 24 hours.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All attempted access to non standard Semestry URLs are recorded to a dedicated log file and investigated immediately. Each access attempt is assessed. Where there are sustained attempts from specific addresses these addresses will be blocked in the firewalls protecting our servers.; Any attempt to send malformed parameters or inject code into Semestry URLs is logged in a dedicated log file. The full details of the address making the attempt are logged.; The only service available from production servers is HTTPS. All other services are locked.; Server error logs are monitored constantly for potential problems.
• Incident management type: Supplier-defined controls
• Incident management approach: We have defined processes for each attempt. Each attempt is assessed to determine if more security is required. Where applicable extra blocks are added to firewalls.; Users can contact using direct on-line communications or email or telephone calls.; Where there is a breach of data then all the customers will be informed and action taking according to the suspected data breach.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £13,500 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF